karlyan17: Yes, if your roommate is playing and you are sharing the same router, then you cannot play at the same time. Port forwarding means that the router just sends every packet that gets to port 6112 to the configured forward.
This is partly true, but incomplete. It's perfectly possible to have multiple people behind a single router playing at the same time. It does, however, require configuring the router with individual forwardings for each player. Low-end consumer home routers may not be flexible enough to let you do the right thing, even if you know exactly what you want to do. More advanced ones (including devices built on Linux if the device exposes the underlying firewall capabilities) can do the right thing.
The rest of this post is a rough description of how to do it on a Linux-based router. You will probably need to read your router's documentation or other online advice to map it to something that works for you, but it should give you a starting point for research. You can also ask here for further help, but I cannot guarantee anyone here will know how to (or even if you can) configure any given router.
You need, for each internal computer:
- A nat rule to remap incoming traffic to the appropriate internal system. In iptables syntax, this would be
  iptables -t nat -A PREROUTING -d $MY_INTERNET_IP_ADDRESS -p udp -m udp --dport $PLAYER_EXTERNAL_PORT -j DNAT --to-destination $PLAYER_INTERNAL_IP:6112
- A filter rule to permit the incoming traffic to be delivered. (Otherwise, a default-deny policy will block the traffic.) In iptables syntax, this would be
  iptables -t filter -A FORWARD -d $PLAYER_INTERNAL_IP -p udp -m udp --dport 6112 -j ACCEPT
  Yes, we want a literal 6112 here, because that is what Diablo (and Starcraft, and Warcraft 2) use. The nat rule above rewrote whatever external port to be a literal 6112.
- A nat rule to remap outgoing traffic, as a mirror of the above. On simple setups (only one person playing), an implicit rule can do the right thing. Here, we want to control exactly what happens so that we can guarantee this rule cooperates with the above nat rule. In iptables syntax, this would be:
  iptables -t nat -A POSTROUTING -s $PLAYER_INTERNAL_IP -p udp -m udp --sport 6112 -j SNAT --to-source $MY_INTERNET_IP_ADDRESS:$PLAYER_EXTERNAL_PORT
  This takes outgoing traffic and gives it the correct public IP (easy, and automatic in the simple case) and more importantly, fixes up the port so that it mirrors the rule for incoming traffic. This ensures that unsolicited traffic (people trying to join your game) contacts you on the correct port.
$MY_INTERNET_IP_ADDRESS: your public IP address. Your router knows this address. If you're lucky, it even has a syntactic shortcut to insert that in the rules without requiring you to look up the actual value. You probably should not post this, unless you don't care about privacy.
$PLAYER_EXTERNAL_PORT: the public UDP port you want your traffic to appear to have, as seen by battle.net and the rest of the world outside your home network. Each player needs a separate value here. For simplicity, give player #1 port 6112, player #2 port 6113, etc. Assign one port to every computer you might want to use, whether or not any given pair of them ever play online at the same time.
$PLAYER_INTERNAL_IP: the internal (usually, but not always, 192.168.0.x) address of that player's computer. Get it from ipconfig at a Windows command prompt. If you're lucky, your router always assigns the same address to the same computer. Common values are 192.168.x.y, 172.16.x.y, or 10.0.0.x. You can safely post these addresses; they are only meaningful to your router and the systems on your home network.
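
The per-player rule set described in the post above, as an added example that is not part of the original post: a script that prints (without applying) the three rules for each player and refuses a table in which two players share an external port or internal address. The function names, the 203.0.113.10 public address, and the two internal addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) the per-player rules described above.
# All addresses and ports are constructed sample values.
GAME_PORT=6112   # port the game itself always uses on each internal machine

# emit_player_rules PUBLIC_IP INTERNAL_IP EXTERNAL_PORT
emit_player_rules() {
    # Incoming: PUBLIC_IP:EXTERNAL_PORT is rewritten to INTERNAL_IP:6112
    echo "iptables -t nat -A PREROUTING -d $1 -p udp -m udp --dport $3 -j DNAT --to-destination $2:$GAME_PORT"
    # Let the rewritten packets through a default-deny FORWARD chain
    echo "iptables -t filter -A FORWARD -d $2 -p udp -m udp --dport $GAME_PORT -j ACCEPT"
    # Outgoing mirror: INTERNAL_IP:6112 leaves as PUBLIC_IP:EXTERNAL_PORT
    echo "iptables -t nat -A POSTROUTING -s $2 -p udp -m udp --sport $GAME_PORT -j SNAT --to-source $1:$3"
}

# gen_rules PUBLIC_IP: reads "INTERNAL_IP EXTERNAL_PORT" lines on stdin.
# Prints nothing and returns 1 if a line is malformed or two players
# share an external port or an internal address.
gen_rules() {
    gr_pub=$1
    gr_table=$(cat)
    gr_bad=$(printf '%s\n' "$gr_table" | awk 'NF && (NF != 2 || $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535)')
    gr_dup=$(printf '%s\n' "$gr_table" | awk 'NF { print "ip " $1; print "port " $2 }' | sort | uniq -d)
    if [ -n "$gr_bad" ] || [ -n "$gr_dup" ]; then
        echo "rejected player table: $gr_bad $gr_dup" >&2
        return 1
    fi
    while read -r gr_ip gr_port; do
        [ -n "$gr_port" ] || continue      # skip blank lines
        emit_player_rules "$gr_pub" "$gr_ip" "$gr_port"
    done <<EOF
$gr_table
EOF
}

# Demo with two players behind one public address (documentation range).
gen_rules 203.0.113.10 <<'EOF'
192.168.0.10 6112
192.168.0.11 6113
EOF
```

Review the printed commands before running any of them on the router; the duplicate check matters because two players mapped to the same external port would make the DNAT and SNAT rules disagree about who owns it.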